注意:试图访问 null 类型值的数组偏移量 - mysqli_fetch_array?
Notice: Trying to access array offset on value of type null - mysqli_fetch_array?
我在使用 PHP 登录表单时遇到问题。
当用户名+密码正确时,一切正常,但如果不正确,则会报错:
Notice: Trying to access array offset on value of type null in
/opt/lampp/htdocs/login/process.php on line 20 Login Failed!
我知道与 mysqli_fetch_array 有关,但我不知道是什么。
PHP 是最新版本 7.4.8
<?php
// Get values from form in login.php
$username = $_POST['user'];
$password = $_POST['password'];
// To prevent SQL injection
$username = stripcslashes($username);
$password = stripcslashes($password);
// $username = mysql_real_escape_string($username);
// $password = mysql_real_escape_string($password);
// Database Connection
$con = mysqli_connect("localhost","root","1234", "login");
// Query the Db for username
$result = mysqli_query($con, "SELECT * FROM users WHERE username = '$username' AND password = '$password'")
or die("Fail to connect to database".mysql_error());
$row = mysqli_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password){
echo "Login succesfull!";
} else {
echo "Login Failed!";
}
问题是因为 $row 变量初始化为:
$row = mysqli_fetch_array($result);
当没有用户匹配提供的密码和用户名时,等于null。快速修复是扩展成功登录的条件以包括 null 检查:
if ($row !== null && $row['username'] == $username && $row['password'] == $password) {
echo "Login succesfull!";
}
附带说明一下,要知道使用 mysql_real_escape_string 转义值可能仍然不足以防止 SQL 注入。相反,应该使用带有类型化参数的准备好的语句。
此外,以纯文本形式存储密码确实不是一个好主意。建议使用例如实现一种机制password_hash and password_verify 函数。
$result = mysqli_query($con, "SELECT * FROM users WHERE username = '$username' AND password = '$password'")
or die("Fail to connect to database".mysql_error());
if(mysqli_num_rows($result) > 0) {
echo "Login succesfull!";
} else {
echo "Login Failed!";
}
我在使用 PHP 登录表单时遇到问题。
当用户名+密码正确时,一切正常,但如果不正确,则会报错:
Notice: Trying to access array offset on value of type null in /opt/lampp/htdocs/login/process.php on line 20 Login Failed!
我知道与 mysqli_fetch_array 有关,但我不知道是什么。
PHP 是最新版本 7.4.8
<?php
// Get values from form in login.php
$username = $_POST['user'];
$password = $_POST['password'];
// To prevent SQL injection
$username = stripcslashes($username);
$password = stripcslashes($password);
// $username = mysql_real_escape_string($username);
// $password = mysql_real_escape_string($password);
// Database Connection
$con = mysqli_connect("localhost","root","1234", "login");
// Query the Db for username
$result = mysqli_query($con, "SELECT * FROM users WHERE username = '$username' AND password = '$password'")
or die("Fail to connect to database".mysql_error());
$row = mysqli_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password){
echo "Login succesfull!";
} else {
echo "Login Failed!";
}
问题是因为 $row 变量初始化为:
$row = mysqli_fetch_array($result);
等于null。快速修复是扩展成功登录的条件以包括 null 检查:
if ($row !== null && $row['username'] == $username && $row['password'] == $password) {
echo "Login succesfull!";
}
附带说明一下,要知道使用 mysql_real_escape_string 转义值可能仍然不足以防止 SQL 注入。相反,应该使用带有类型化参数的准备好的语句。
此外,以纯文本形式存储密码确实不是一个好主意。建议使用例如实现一种机制password_hash and password_verify 函数。
$result = mysqli_query($con, "SELECT * FROM users WHERE username = '$username' AND password = '$password'")
or die("Fail to connect to database".mysql_error());
if(mysqli_num_rows($result) > 0) {
echo "Login succesfull!";
} else {
echo "Login Failed!";
}